using System;
using System.Collections;
using System.Security.Principal;

namespace Sedna.Core.Security
{
	/// <summary>
	/// A facility to map external role names (e.g. Sedna.Base or NTLM domain group names)
	/// to Sedna WebUI defined internally.
	/// This is necessary because of the hardcoded nature of the security restrictions
	/// throughout the Sedna WebUI code. These restrictions are based upon the role names
	/// and had to be hardcoded. However, to provide independency from the underlying authentication
	/// schema this role mapping facility is used to convert external role names into the internal ones
	/// </summary>
	public interface IRoleMapper
	{
		/// <summary>
		/// converts external role names encompassed within the principal instance 
		/// to an array of internal role names
		/// </summary>
		/// <param name="principal">authenticated principal that contains external role names</param>
		/// <returns>returns an array of current role's principals. to renew the array contents - relogin is necessary</returns>
		string[] MapPrincipalToRoles(IPrincipal principal);

		/// <summary>
		/// converts a list of external roles into an array of internal role names
		/// </summary>
		/// <param name="externalRoles">a list of external names</param>
		/// <returns>an array of internal names</returns>
		string[] MapPrincipalToRoles(IList externalRoles);
	}
}
